This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sergio_Lima1
Participant
‎2018-01-10 03:51 AM

Best way to deploy VSX - dedicated interface or lead by vritual-switch

Good day all - trust you're doing well today!

Sorry for dummy question but, I'm planning to deploy a new VSX firewall in DC (in cluster mode, a pair of SG-2200) and, I stopped in a doubt about which is best to manage/configure interfaces on firewall: using dedicated interfaces with VLANS or using interfaces lead by virtual switch? which is best

5 Replies
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2018-01-10 05:51 AM

SG2200 will be way too small to run VSX buddy Smiley Happy only 2 cores and not much memory. Stay away Smiley Happy

Sergio_Lima1
Participant
‎2018-01-10 05:59 AM
In response to Kaspars_Zibarts

Hi Kaspars; thanks for heads-up; we will deploy for a no large requirements for our customer.

My main concern is about which model of topology we can use/determine to maximize performance and reduce overrun/overload both VSX capacity. Not sure if I configure virtual-systems as a regular interface or uses interfaces based on virtual switch (leads by switch). Your advice will be welcome and helps very much.

0 Kudos
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2018-01-10 09:00 AM
In response to Sergio_Lima1

Hmm, I'm still not 100% if you can even run VSX on those - have you done that already just the basic install?

Switch or not is a personal preference. I have seen both scenarios, even with virtual router. Really depends on your network topology and requirements. Think that virtual switch is another VS that you need to spin up that will chew your already tiny resources...

Sergio_Lima1
Participant
‎2018-01-11 03:30 AM
In response to Kaspars_Zibarts

Well, I discussed here with network guru guys and their suggestion was to using regular interface instead. I review all interconnections needed and see that we will gain some control and reduce overrun on SG processor and memory usage. Our topology, I tried to keep simple and clean, but some application services need to specific control and network separation (layer 2 VLAN) and access controlled directly by firewall rules.

Anyway, many thanks for your input; appreciate.

Michael_Lawrenc
Contributor
‎2018-01-10 05:03 PM

The typical deployment, as I understand it, is to vswitch the internal interfaces and then trunk them to the internal core and leave the external interfaces as straight up LAN/VLAN.  Are you talking about virtual switches inside, outside or both?  A lot depends on your environment. 

Bear in mind VSX is intended to provision multiple gateways leading to multiple internal networks.  i.e. - to firewall each network with its own gateway/cluster.  It's a "rack in a box" solution. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events